| Posted by Logicidea, 10-16-2009, 10:31 AM | | What's the best way to temporarily shut down outgoing mail from a server in case of spam issues? Close ports 25/26? Not sure if email would be queued and released when the ports open again.
|
| Posted by Ramprage, 10-16-2009, 10:45 AM | | Closing the port will block both incoming/outgoing.
I would suggest stopping the mail server completely.
What you can also do is setup a mailbag. Alternate mx records for each domain so if the primary mail servers down it goes to the second system. The second server will still be online, receiving and holding incoming mail until the primary server is back online. When it does come back online it will then forward mail to the primary server so no mail is lost.
The only thing is you can't send outgoing mail during this time but you can still receive it.
|
| Posted by Logicidea, 10-16-2009, 11:07 AM | | Do you mean stopping for example the exim service? What about things like phpmailer, or a direct write on port 25, if I'm not mistaken, that would be a way to circumvent this.
|
| Posted by activelobby4u, 10-16-2009, 05:33 PM | | are you running a hosting control panel ?
|
| Posted by Logicidea, 10-16-2009, 05:54 PM | | yes, cpanel
|
| Posted by activelobby4u, 10-16-2009, 05:59 PM | | enable suphp, disable nobody mails and track the spammer ..simple
|
| Posted by Gary Brahmi, 10-16-2009, 09:58 PM | | In case you are not working on a control panel and you just want to block the outgoing emails, then a simple iptables rule should be fine to block only outgoing emails.
iptables -A OUTPUT -p tcp --dport 25 -j DROP
This won't require you to stop an entire mail server and miss the incoming emails.
|
| Posted by srenkema, 10-20-2009, 05:11 AM | | Maybe interesting is a solution that temporarily locks accounts on your cPanel server which are detected as spamming accounts and informing you on that? In that way you prevent from being blacklisted and the other cPanel accounts on your shared server(s) won't notice a thing...
what do you think?
|
| Posted by keserhosting, 10-20-2009, 05:25 AM | | Instead of stopping the mails , it is always better to find the spammer and take actions against them as defined in your ToS.
|
| Posted by srenkema, 10-20-2009, 05:32 AM | | often it's not a 'spammer' but a 'spamming account' simply infected without the account-holder being aware of this...
|
| Posted by RDOSTI, 10-20-2009, 06:03 AM | | Install mailscanner and integrate it with clamav.
Close ports 25 and only allow 26. Further if you have WHM/CPanel you have alot of better options to configure exim/mta.
Better than that be sure apache and php is compiled with MailHeaders so you can find out who is sending out bad mail.
Ensure PHP(MAIL) / NOBODY cannot send out emails and try to push everything to SMTP authenticaiton. SuPHP is another option.
Ensure EXIM doesnt allow more than xxx emails per hour per domain. This is what *smart* providers use and though it might be annoying for clients it keeps you safer and well protected. Google and Godaddy use similar per hour limitations.
Hope some of these many suggestions help. I would suggest going through all of them, but if you feel one or two does the trick go with that.
Best REgards,
|
| Posted by inspiron, 10-20-2009, 06:31 AM | | You can use suPHP to add extra tracking to the headers, you can enable the extended login into exim, you can install a sendmailer logger, etc this will help you to track the spammers.
|
|
 Add to Favourites
 Print this Article
|
